One of the more frustrating tasks for WordPress webmasters is when a site gets infected with malware or other nasties and the webmaster has to go through and clean up all of the mess. Many times this means combing through a bunch of the php files, finding the ones that are corrupted and deleting the malicious code by hand.
The alternative to this is to take a big scrub brush the database and getting the offending entries out there. But that has its limitations as well.
Wordfence offers a plugin to remedy that. Not only does it detect corrupted files , malware and other nasties, it also warns you proactively when a file has been modified via email. So I tried it out on a number of sites that were infected that clients wanted me to clean up. Here are my results to date:
1) It is EASY to install and use. No messy configuration. I really liked this part about it. Scanning was easy and it was simple to see which threats were critical and which were not.
2) One downside is that in order to clean the plugin folders and check them against the repository, you need the PAID version. This was a pain for me as I have many sites under my control, but if you have one or two sites, this should simply be a part of doing business. Do NOT attempt to cut corners and go with the free version though. You will be sorry…and reinfected. 😉
3) Be CAREFUL in deleting files. One of the sites I was cleaning had an old theme that was pretty well messed up (putting it nicely). The plugin gave me the option to delete the file INSTEAD of reverting to the old themes original files. No bueno. I deleted it and then had to find the old files to replace the missing ones.
4) On the Paid version they need to have a way to mass clean multiple items. I get why they don’t, see #3 above, but they really need to do this for sites that have hundreds of corrupted files, it would greatly speed things up.
OVERALL The plugin is awesome. I love the ability to receive emails that inform me when there is a security task to be done. It is WORTH the money if your site is worth the time. #justsayin.